NOTE: The default configuration files delivered with
preconfigured role: Administrator. By default, the Administrator role is assigned all
After defining valid roles, you can assign them to one or more users or UNIX groups. Attempting to assign a role that has not been created displays an error message indicating that the role does not exist.
Assigning Roles to Users
Separating role creation from role assignment offers the following advantages:
• Requiring that roles be created before they are assigned ensures that typographical errors in role names are caught during role assignment.
• Different users can perform each task. For example, the same user is not required to both create the roles and assign the roles.
After creating valid roles, use the roleadm command to assign them to the appropriate users, as shown in the following examples:
# roleadm assign luman Administrator
roleadm assign done in /etc/rbac/user_role
# roleadm assign rwang UserOperator
roleadm assign done in /etc/rbac/user_role
After using the roleadm assign command to assign roles to users, you can use the roleadm list command to verify that the roles were assigned correctly, for example:
# roleadm list
root: Administrator
luman: Administrator
rwang: UserOperator
NOTE:
Assigning Roles to Groups
Assign, revoke, or list group and role information using the roleadm command by inserting an ampersand (&) at the beginning of the user value and enclosing the user value in quotation marks. The group name value and ampersand (&) must be shell escaped or enclosed in quotation marks so that the shell passes them to roleadm unchanged instead of interpreting the ampersand itself. For example:
# roleadm assign "&groupname" role
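The verification step above (checking roleadm list after assigning roles to users and groups) can be automated by comparing a captured listing against an approved role map. The script below is an added example, not part of the original documentation or of HP-UX RBAC. It assumes the "name: role" line format shown in the listing above and that group entries appear with their leading ampersand; the names jdoe and &admins and the function names role_drift and demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between an approved role map and captured
# `roleadm list` output. All sample data below is constructed.

# role_drift EXPECTED_FILE ACTUAL_FILE
# Both files hold "principal: role" lines as printed by `roleadm list`;
# group principals are assumed to keep their leading "&". Comma-separated
# roles on one line are also accepted (an assumption, not shown above).
# Prints MISSING/UNEXPECTED lines; returns 0 on agreement, 1 on drift.
role_drift() {
    out=$(awk -F: '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and junk
        {
            p = $1; gsub(/[ \t]/, "", p)
            n = split($2, roles, ",")
            for (i = 1; i <= n; i++) {
                r = roles[i]; gsub(/[ \t]/, "", r)
                if (p == "" || r == "") continue
                if (FILENAME == ARGV[1]) want[p ": " r] = 1
                else have[p ": " r] = 1
            }
        }
        END {
            for (k in want) if (!(k in have)) print "MISSING " k
            for (k in have) if (!(k in want)) print "UNEXPECTED " k
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed demo: the approved map contains a group entry that was never
# assigned, and the listing contains an Administrator nobody approved.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root: Administrator' 'luman: Administrator' \
        'rwang: UserOperator' '&admins: Administrator' > "$d/expected"
    printf '%s\n' 'root: Administrator' 'luman: Administrator' \
        'rwang: UserOperator' 'jdoe: Administrator' > "$d/actual"
    role_drift "$d/expected" "$d/actual" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "role drift detected"
```

On a real system the second argument would be a file produced by redirecting roleadm list, and the first a reviewed copy of the intended assignments kept outside /etc/rbac.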
Step 2: Configuring Authorizations
Configuring authorizations is similar to creating and assigning roles. However, authorizations contain two elements: an operation and an object. The *
Configuring